Governance and Oversight

• Own and maintain the Group Outsourcing and Third-Party Risk Management Framework, ensuring it remains aligned with regulatory expectations, market standards, and the Group’s risk appetite.

• Provide strategic oversight for outsourcing activities across the Group, ensuring consistent application of policy and procedures.

• Advise senior management and Boards on outsourcing risks, emerging trends, and regulatory developments.

Oversight of Outsourced and Third-Party Arrangements

• Ensure all outsourcing and third-party arrangements are appropriately identified, assessed, approved, documented, monitored, and periodically reviewed.

• Oversee the lifecycle of third-party engagements, from initial assessment and due diligence through contract oversight, performance monitoring, and exit.

• Maintain appropriate registers and documentation that reflect the Group’s outsourcing landscape.

Risk Management & Operational Resilience

• Ensure outsourcing arrangements do not compromise the Group’s operational resilience, risk management, data protection, or supervisory obligations.

• Lead the identification and assessment of outsourcing risks, including criticality, concentration risk, and dependency risk.

• Oversee contingency and exit strategies to ensure continuity of business operations in the event of provider disruption.

Cross-Functional Collaboration

• Work closely with Legal, Risk, Compliance, ICT, Information Security, Data Protection, and other functions to ensure that outsourcing and third-party arrangements meet internal and external requirements.

• Provide guidance to first-line teams engaging in or managing outsourced or third-party relationships, ensuring adherence to the outsourcing framework.

• Promote awareness and understanding of outsourcing requirements across the Group through training and stakeholder engagement. 

Monitoring, Assurance & Reporting 

• Establish mechanisms to monitor provider performance, service delivery, and adherence to contractual and regulatory obligations.

• Escalate material risks, breaches, and underperformance to senior management and relevant governance bodies.

• Prepare regular reporting and management information (MI) to support Board and committee oversight of outsourcing and third-party risks.

Regulatory Engagement 

• Act as a key point of contact for regulatory matters relating to outsourcing and third-party risk.

• Ensure the Group meets regulatory expectations for outsourcing notifications, approvals, inspections, and reporting across all jurisdictions.

• Maintain awareness of evolving regulatory requirements and ensure the Group’s outsourcing framework adapts accordingly.

• +5 years of experience in outsourcing, third-party risk, operational risk, or compliance within a regulated financial services environment;

• Proven experience designing or managing a group-wide outsourcing / third-party risk framework;

• Strong knowledge of regulatory requirements (e.g., CySEC, FCA, CMA (formerly SCA));

• Experience overseeing the full outsourcing lifecycle, including due diligence, risk assessment, ongoing monitoring, and exit strategies;

• Ability to assess and manage critical outsourcing risks (concentration, dependency, operational resilience);

• Experience working across multiple jurisdictions and advising senior stakeholders;

• Strong stakeholder management across Legal, Risk, Compliance, and Technology functions;

• Hands-on, build-oriented mindset with the ability to scale processes in a growing organization.

Market Analysis & Research

Content Creation (Marketing Channels)

Media & PR Engagement

Internal Collaboration

• Proven track record leading a compliance and AML function at Head, AMLCO, or equivalent level within a CBC regulated entity - EMI, payment institution.

• Deep knowledge of the Electronic Money Laws of 2012 and 2018, the CBC's AML/CTF Directive including the 2025 update, applicable EU AML Directives, and FATF recommendations.

• Direct experience owning the CBC supervisory relationship - leading responses to thematic reviews, managing on-site visits, and handling sensitive regulatory correspondence.

• Ability to operate at Board level: presenting clearly, challenging constructively, and translating complex regulatory requirements into decisions management can act on.

• Strong grasp of EMI prudential requirements - PIEMI RR reporting, capital adequacy frameworks, and client fund safeguarding obligations.

• Experience designing and improving transaction monitoring and sanctions screening programmes, including managing system performance and reducing false positive rates.

• Demonstrated ability to build compliance frameworks from the ground up or restructure existing ones as a business evolves.

• Holds or is working towards a relevant professional AML qualification - such as ICA, ACAMS, or equivalent - accepted as evidence of competence for the AMLCO role; prior CBC approval as AMLCO is a strong advantage.

• Degree in Law, Finance, Economics, or a related field; postgraduate qualification is an advantage.

• Fluency in English.

Strategy & Business Leadership

• Lead the company in executing its strategic plan, ensuring alignment with shareholder objectives, the company's values, and CBC regulatory obligations, reporting to the Board on performance, strategy, and governance matters.

• Drive the company's development through new business opportunities, ensuring all growth is aligned with the regulatory framework and the company's risk appetite.

• Establish the company's risk appetite together with the Board and relevant stakeholders, ensuring adequate systems and controls are in place in line with Board-approved policies.

• Actively engage with key stakeholders - including regulators, counterparties, and clients - to maintain productive relationships and provide transparent updates on the company's direction and performance.

• Represent the company in regulatory, legal, and stakeholder engagements, acting as the primary external face of the business.

Operations & Financial Management

• Provide oversight and direction across all areas of day-to-day operations, including finance, compliance, risk management, AML/CTF, client servicing, technology, and human resources.

• Oversee financial performance, ensuring operational efficiency and growth while meeting financial targets, manage the preparation of financial reports and management accounts for review by the Board and shareholders.

• Ensure the company maintains adequate capital at all times to meet CBC prudential requirements, including the minimum own funds requirement under the Electronic Money Laws of 2012 and 2018 and the CBC's Electronic Money Institutions Directive of 2025.

• Oversee the company's technology infrastructure, ensuring it supports operational needs, meets cybersecurity standards, and that the company's digital operational resilience framework is managed in line with DORA obligations.

• Manage the company's passporting rights across the EEA, ensuring host state notifications, conduct-of-business rules, and local regulatory expectations are met in each market served.

• Oversee the New Product Approval Process (NPAP), ensuring material changes to products, customer segments, geographies, or delivery channels are assessed for regulatory, financial crime, and operational risk before launch, and notified to the CBC where required.

Regulatory & Compliance Oversight

• Ensure the company operates in full compliance with all applicable CBC regulations, EU legislation, and AML/CTF obligations, including the Electronic Money Laws of 2012 and 2018 and the CBC's EMI Directive of 2025.

• Maintain a transparent and constructive relationship with the CBC, ensuring timely and accurate responses to all supervisory requests and correspondence.

• Keep the Board informed of all material regulatory developments, control failures, and compliance matters on a timely basis.

• Respect and protect the independence of the risk management, compliance, and internal audit functions, ensuring key function holders have sufficient authority and resources to perform their duties effectively.

• Oversee the company's Outsourcing Policy and the governance of intragroup service arrangements with Capital.com Group entities, ensuring compliance with EBA Outsourcing Guidelines, clear SLAs, exit plans for critical or important functions, and robust conflict-of-interest controls.

Governance & Internal Controls

• Ensure the company has adequate internal control functions in place - compliance, risk management, and internal audit - and that each is appropriately resourced and independent.

• Set the governance tone across the organisation, ensuring that policies, controls, and decision-making frameworks are respected at every level.

• Oversee and govern the company's safeguarding framework end-to-end, including the choice of safeguarding method, selection and oversight of safeguarding credit institutions, and the policy governing segregation of client funds.

• Ensure daily reconciliation of safeguarded funds against customer liabilities, with clear escalation paths for any shortfall or breach.

• Coordinate with group entities to ensure, where applicable, intercompany service arrangements operate effectively, in compliance with applicable requirements, and with appropriate conflict of interest controls in place.

• Work closely with the Head of Compliance & AMLCO to sponsor a culture of compliance across the business, where regulatory obligations are understood and taken seriously at all levels.

People & Culture

• Provide leadership to the executive team, set clear performance expectations, and build a high-performance culture that supports the long-term success of the company.

• Ensure staff collectively possess the skills and experience needed to manage the company's affairs soundly, and that employees meet any training and competency requirements specified by the CBC.

• As the business grows, assess organisational capacity and make timely appointments to key functions.

• Minimum of 10 years in financial services - payments, electronic money, fintech, or a related regulated environment - with proven experience at senior management level, including direct responsibility for regulatory compliance, financial oversight, and team leadership.

• Direct experience operating within a CBC or EBA-regulated entity, with a solid understanding of the EMI or payment institution regulatory framework in Cyprus or the EU.

• Demonstrated ability to lead an organisation or business unit with significant financial, operational, and regulatory responsibilities.

• Strong grasp of EMI prudential requirements - capital adequacy, client fund safeguarding, PIEMI RR regulatory returns, and CBC reporting obligations.

• Track record of building and maintaining productive relationships with regulators, including managing supervisory correspondence, inspections, and thematic reviews.

• Ability to operate effectively at Board level - presenting clearly, making sound decisions under uncertainty, and balancing commercial objectives with regulatory obligations.

• High-level understanding of AML/CTF frameworks, risk management practices, and corporate governance requirements for CBC-regulated entities.

• Familiarity with DORA requirements and ICT risk governance obligations as they apply to EMIs.

• Working knowledge of PSD2 and the upcoming PSD3/PSR framework, and practical experience managing EEA passporting obligations is an advantage.

• Academic degree at bachelor's level or above; MBA or postgraduate qualification is an advantage.

• Must satisfy the CBC's fit and proper requirements, including competence, integrity, and financial soundness.

• Must be based in Cyprus and able to devote full working hours to the role - any external non-executive positions must be disclosed and assessed for compatibility with this commitment.

• Fluency in English.

AI Threat Detection & Mitigation

Secure Development & DevSecOps

Data Protection & Compliance

Governance & Policy

• Design and continuously evolve the enterprise risk framework - risk appetite, taxonomy, governance, and the operating model across the three lines - for a business spanning six regulated entities and growing

• Lead all risk domains: market, credit, liquidity, operational, conduct, technology, regulatory, and crypto risk

• Oversee the 24-hour risk monitoring function that supports Capital.com's global trading platform

• Own hedging strategy oversight and client exposure management in partnership with the Dealing function

• Drive capital planning, ICAAP/ILAAP, stress testing, VaR back-testing, and scenario analysis across all entities

• Ensure full DORA compliance across ICT risk management, digital operational resilience, and third-party ICT oversight

• Own the MiCA and CASP risk obligations as Capital.com expands into spot crypto across the EU

• Lead regulatory relationships proactively across the FCA, CySEC, ASIC, DFSA, and CMA - and build those relationships in new markets as licences are secured

• Support new jurisdiction entry from day one - providing risk leadership on market expansion before launch

• Build and develop the risk team - developing talent, managing inherited structures, and building the function the business needs for 2028, not just today

• Report to ExCo and the Board on risk matters - translating complexity into clear business language and decisions that enable growth

Experience and credentials

• Significant senior risk leadership experience in a regulated financial services environment - trading, brokerage, CFD, or closely adjacent

• Deep multi-jurisdictional regulatory knowledge - FCA and CySEC are essential; ASIC, DFSA, CMA, and MiCA/CASP experience are a strong advantage

• Proven track record building or materially maturing a risk function - not just maintaining one that already works

• Strong technical depth across market risk, operational risk, regulatory capital, and digital resilience (DORA)

• CFA or FRM preferred - exceptional experience may substitute

How you operate

• You move without being directed. When you see a problem, you act on it - you do not wait to be asked.

• You take end-to-end ownership. You drive outcomes. You do not pass the buck.

• You bring fresh thinking. You do not default to how it was done in your last role.

• You listen. You build trust across teams. You develop the people around you.

• You are commercial. You understand that risk management exists to enable growth - not to obstruct it.

• You are board-ready. You can hold your own in a regulator meeting, an ExCo debate, or a conversation with the founder.

• Lead and manage full licensing projects for Payment Service Providers (PSPs), Electronic Money Institutions (EMIs), and related payment frameworks across multiple jurisdictions.
• Own preparation and submission of licence applications, regulatory filings, and related documentation end-to-end.
• Draft, review, and approve business plans, policies, manuals, governance documents, and internal procedures required for payment regulatory submissions.
• Maintain structured documentation, trackers, and version control for all assigned projects.
• Ensure payment-specific regulatory requirements are comprehensively mapped and consistently reflected in all application materials.
• Conduct complex legal and regulatory analysis across payment services frameworks, including PSD2/PSD3, EMD2, and equivalent regimes in non-EU jurisdictions.
• Identify regulatory risks, propose mitigation strategies, and escalate material issues to the Head of Licensing where required.
• Interact with payment regulators where appropriate, subject to prior approval from Head of Licensing and/or CLO.
• Provide strategic regulatory and compliance advice to internal stakeholders on payment-related matters, including scheme rules, agent/distributor arrangements, and passporting.
• Review commercial agreements with payment regulatory implications, including acquiring agreements, payment processing contracts, and banking/settlement arrangements.
• Assess new payment products and business model changes for licensing and regulatory impact, providing commercially grounded legal guidance.
• Collaborate closely with Finance, Treasury, Product, and Operations teams to align payment licensing strategy with commercial and operational objectives.
• Oversee and support work allocated to Legal Counsel(s), providing guidance, quality control, and mentorship.
• Use AI tools responsibly to enhance drafting, research, and regulatory analysis, and promote adoption of structured AI workflows within the team.
• Drive continuous improvement of licensing templates, trackers, and submission methodologies specific to the payments function.

• Minimum 5 years PQE as a qualified lawyer; prior law firm or in-house experience in payments or fintech is strongly preferred.
• Significant experience in payment services regulation, including PSP and/or EMI licensing across European or other major jurisdictions.
• Deep knowledge of PSD2/PSD3, EMD2, and/or equivalent payment regulatory frameworks; familiarity with MENA, APAC, or other non-EU payment regimes is an advantage.
• Demonstrated experience leading full licence applications across multiple jurisdictions independently.
• Experience coordinating with external legal and compliance consultants and payment scheme representatives.
• Strong drafting, regulatory interpretation, and analytical skills.
• Commercially oriented, with a solid understanding of payment business models, settlement flows, and scheme obligations.
• Proven ability to manage complex projects independently, including multi-workstream oversight.
• Ability to delegate effectively and support junior team members.
• Business-level English proficiency (B2/CEFR or above).
• Intermediate to advanced AI literacy, with structured integration into daily workflows.